[Security] PGP (XEP-0027)

Dave Cridland dave at cridland.net
Tue Jun 2 14:56:20 CDT 2009


On Tue Jun  2 18:56:35 2009, Jonathan Schleifer wrote:
> What if DSA gets completely broken someday? Then we're screwed. And  
> if
> we want to be algorithm-independant, we need to implement something
> very similar to OpenPGP anyway.

Or TLS.

Which, incidentally, can use PGP keys.

But in any case, I don't think the crypto is actually the tricky bit  
with single-message stuff, it's formatting, since ideally you want to  
sign everything (including <iq/>) in a way that lets those signatures  
be ignorable to naïve actors, which is going to be a tough one to  
solve. (Easy for messages, but impossible for <iq/> as far as I can  
see.)

Dave.
-- 
Dave Cridland - mailto:dave at cridland.net - xmpp:dwd at dave.cridland.net
  - acap://acap.dave.cridland.net/byowner/user/dwd/bookmarks/
  - http://dave.cridland.net/
Infotrope Polymer - ACAP, IMAP, ESMTP, and Lemonade


More information about the Security mailing list